UTSA Information Sharing and Coordination Initiatives - - PowerPoint PPT Presentation

▶

Jan 10, 2024 49 likes •220 views

Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San

SLIDE 1

UTSA

Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio San Antonio, TX 78249 Nov 03, 2014

Presented by: Amy(Yun) Zhang

Secure Information and Resource Sharing in Cloud Infrastructure as a Service

Cyber Incident Response

Models for Information and Resource Sharing

SLIDE 2

Ref: http://www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative

Information Sharing and Coordination Initiatives

collaboration and

coordination to enhance situational awareness

– Share malicious activities on federal systems – Technologies, tools, procedures, analytics

UTSA

SLIDE 3

Electric Grid Scenario

Cyber incidents in

electricity providers

– Local utilities, regional, state, national operators

Need a standing

platform that facilitates sharing

– Controlled access

UTSA

SLIDE 4

UTSA

Scope

Focus on technical challenges
Sharing amongst a set of organizations

– Information, infrastructure, tools, analytics, etc. – May want to share malicious or infected code/systems (e.g. virus, worms, etc.) – Sensitive – Often ad hoc

What are the effective ways to facilitate sharing in

such circumstances?

– Information sharing models – Infrastructure, technologies, platforms

SLIDE 5

UTSA

Cyber Infrastructure for Sharing

Traditional platforms

– Shared storage

SharePoint, Dropbox, Google Drive, etc.

– Shared infrastructure

Grid computing
Modern platform

– Cloud

SLIDE 6

UTSA Cloud IaaS Advantages for Cyber Incident Sharing

Virtualized resources

– Theoretically, one can take a snapshot and mobilize

Operational efficiency

– Light-weight and agile – Rapid deployment and configuration – Dynamic scaling – Self-service

SLIDE 7

UTSA Cloud IaaS Challenges for Cyber Incident Sharing

IaaS clouds lack secure sharing models

– Storage – Compute – Networks

Need ability to snapshot tenant

infrastructure, share, and control who can access

– Share by copy

SLIDE 8

UTSA

Sharing Model in Cloud IaaS

Participant B

Secure Isolated Domain (SID)

Add/Remove Data Join/Leave Users Add/Remove Data Join/Leave Users Add/Remove Data Join/Leave Users

View #1: Org C View #1: Org B View #1: Org A Participant C Participant A

View #2: SID View #2: SID View #2: SID Can create multiple secure isolated projects (SIPs) within SID with different controls

SLIDE 9

UTSA

OpenStack

OpenStack

– Dominant open-source cloud IaaS software

> 200 companies ~14000 developers >130 countries 10

Ref: http://www.openstack.org

SLIDE 10

UTSA

OpenStack Access Control (OSAC)

SLIDE 11

UTSA

OSAC-SID

SLIDE 12

UTSA

Conceptual Model

ORG A ORG B

Establish/Disband Join User Join User Leave User Leave User Remove Version Merge Version Substitute User Add Version Remove Version Merge Version Substitute User Create RO/RW Subject Kill Subject Create Object Read/Update Version Suspend/Resume Version

Collaboration Group

Create RO/RW Subject Kill Subject Create Object Read/Update Version Suspend/Resume Version

Administrative Model Operational Model

Add Version Import Version

SLIDE 13

UTSA

OSAC-SID Administrative Model

SLIDE 14

UTSA

OSAC-SID Operational Model

SLIDE 15

UTSA

SID and SIP in OpenStack

SAWS

Admin: SAWSadmin

Users: Harry@SAWS IT-SAWS

member

SAPD

Admin: SAPDadmin

Users: Martin@SAPD IT-SAPD

member member member Create Join Share objects, VMs, etc.

CPS

Admin: CPSadmin

Users: Alice@CPS, Bob@CPS IT-CPS

member

SID-Critical-Infrastructure

SIP- PortScanning SIP-DOS

Users: Alice@CPS, Harry@SAWS

Admins:

CPSadmin, SAWSadmin

SLIDE 16

UTSA

Conclusion and future work

Developed sharing models

– Formal specification

Enhanced OpenStack with SID/SIP capabilities

– Cyber incident response capabilities

Self-service
SID/SIP specific security
Share data, tools, etc. in an isolated environment
Ability to execute and analyze malicious code in an isolated environment

– Practitioners can deploy a “cyber incident response” cloud – Potential blueprint for official OpenStack adoption

Future work

– more fine grained access control within a SIP – harden the implementation to prevent overt information flow

SLIDE 17

UTSA

Presented by: Amy(Yun) Zhang

Secure Information and Resource Sharing in Cloud Infrastructure as a Service

Cyber Incident Response

Models for Information and Resource Sharing

Information Sharing and Coordination Initiatives

coordination to enhance situational awareness

– Share malicious activities on federal systems – Technologies, tools, procedures, analytics

UTSA

Electric Grid Scenario

electricity providers

– Local utilities, regional, state, national operators

platform that facilitates sharing

– Controlled access

UTSA

UTSA

Scope

– Information, infrastructure, tools, analytics, etc. – May want to share malicious or infected code/systems (e.g. virus, worms, etc.) – Sensitive – Often ad hoc

such circumstances?

– Information sharing models – Infrastructure, technologies, platforms

UTSA

Cyber Infrastructure for Sharing

– Shared storage

– Shared infrastructure

– Cloud

UTSA Cloud IaaS Advantages for Cyber Incident Sharing

– Theoretically, one can take a snapshot and mobilize

– Light-weight and agile – Rapid deployment and configuration – Dynamic scaling – Self-service

UTSA Cloud IaaS Challenges for Cyber Incident Sharing

– Storage – Compute – Networks

infrastructure, share, and control who can access

– Share by copy

UTSA

Sharing Model in Cloud IaaS

UTSA

OpenStack

– Dominant open-source cloud IaaS software

UTSA

OpenStack Access Control (OSAC)

UTSA

OSAC-SID

UTSA

Conceptual Model

UTSA

OSAC-SID Administrative Model

UTSA

OSAC-SID Operational Model

UTSA

SID and SIP in OpenStack

UTSA

Conclusion and future work

UTSA

Thanks